From: Max Laier
To: freebsd-pf@freebsd.org
Date: Sat, 15 Jan 2005 18:23:37 +0100
Subject: Re: How to determine "hits" on rules

On Saturday 15 January 2005 06:58, Forrest Aldrich wrote:
> I'm migrating one of my systems to PF from IPFW.
>
> In so doing and planning, I've reviewed the manpages and some online
> literature.
>
> I've become dependent upon "ipfw -t" to determine hits on various spam
> rules I've implemented - some of them large lists of /24's.
>
> I've not been able to determine that there is an equivalent in PF -
> though I imagine there must be some method to accomplish this.
>
> I'd appreciate if someone could help point in the right direction.

On Wednesday 12 January 2005 17:13, I wrote:
> No, there is no such functionality. In fact, we don't even store such data
> in the rules. For rules that create state, you can check the output of
> "$pfctl -vvss" for the newest state for a certain rule. For rules that do
> logging, you can check /var/log/pflog for the last packet logged.
>
> I don't really see the point in this information. Why do you want to know
> this? Can you explain a bit - it's certainly not difficult to implement.

In any case: "pfctl -vsr" will give you counters on each rule. If you use a
table to store the spammer-addresses, you might find: "pfctl -vvTshow -t
table_name" interesting.

Check: http://www.benzedrine.cx/relaydb.html for a step-by-step tutorial, how
to deal with spammers with the help of pf. This might give you some ideas.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
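
An added example, not part of the original message: a small sh/awk helper that turns the per-rule counters printed by "pfctl -vsr" into a list sorted by packet count, so the busiest blocking rules and the rules that never match are easy to spot. The function names, the sample output and the assumed two-line layout (rule text followed by an "[ Evaluations: ... Packets: ... ]" line) are constructed for illustration.

```sh
#!/bin/sh
# Added example: rank pf rules by their packet counter.
# Assumption: input is "pfctl -vsr" output, i.e. each rule line is followed by
# an indented "[ Evaluations: N  Packets: N  Bytes: N  States: N ]" line.

# rule_hits (hypothetical helper): reads that output on stdin and prints
# packets<TAB>bytes<TAB>evaluations<TAB>rule, highest packet count first.
rule_hits() {
    awk '
        /^[ \t]*\[ Evaluations:/ {
            # Take the number that follows each label on the counter line.
            for (i = 1; i < NF; i++) {
                if ($i == "Evaluations:") ev = $(i + 1)
                if ($i == "Packets:")     pk = $(i + 1)
                if ($i == "Bytes:")       by = $(i + 1)
            }
            if (rule != "") printf "%s\t%s\t%s\t%s\n", pk, by, ev, rule
            rule = ""
            next
        }
        /^[ \t]*\[/ { next }    # skip any other bracketed statistics line
        NF {                    # non-blank line: the rule text itself
            sub(/^@[0-9]+ /, "")    # drop the "@N " rule number printed by -vv
            rule = $0
        }
    ' | sort -k1,1nr
}

# Constructed sample output (not captured from a real system).
sample_pfctl_vsr() {
    cat <<'EOF'
block drop in log quick on fxp0 from <spammers> to any
  [ Evaluations: 48211     Packets: 1904      Bytes: 114240      States: 0     ]
pass in on fxp0 proto tcp from any to any port = smtp keep state
  [ Evaluations: 46307     Packets: 30112     Bytes: 18820344    States: 12    ]
block drop in quick on fxp0 from 192.0.2.0/24 to any
  [ Evaluations: 16195     Packets: 0         Bytes: 0           States: 0     ]
EOF
}

# Demo on the sample; on a live firewall run as root: pfctl -vsr | rule_hits
sample_pfctl_vsr | rule_hits
```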